eqvfe (eqvfe) asked a question.
Shared/Service accounts access to multiple users
We are implementing Okta as our SSO provider and G suite as one of the applications to authenticate via Okta to our users. Let's say that domain is @abc.com. This domain has 500 users. In this domain we have 350 unique/people accounts and 150 are shared/service accounts which are access by multiple people in the org.
I want these accounts not to be individual in Okta as do not want increase license cost, is their a way wherein we can assign these accounts as app to required individuals?
Hi! Thanks for your question!
In general, it is recommended that, from a security perspective, service accounts be limited wherever possible. Due to the number of accounts that you have, that may take some time I do understand. Given your situation, each individual account in G suite would amount to an individual account in Okta as well, with my only recommendation being not to import those accounts that you would not want to consume a license.
Depending on what these shared accounts are used for, it may be possible to assign their function to a human account, but that will be unique to your business need. I do not believe it is possible to assign a person to an application standing in for a non-human account, particularly depending on your access method.
You can reference the below, but it is speaking to the use of SWA:
How Two Or More Okta Users Can Access a Shared User Account for an App
SWA can be better explained here:
What is Secure Web Authentication (SWA)
I do hope this helps! Thanks!